6.3 Netscape Directory Server Configuration

The following sections apply only when connecting to Netscape Directory Server:

6.3.1 Defining Object Placement in Netscape Directory Server

We recommend following the Netscape naming rules for objects in Netscape Directory Server. A brief explanation of naming rules is included here for your convenience.

The directory contains entries that represent people. These person entries must have names. In other words, you must decide what the relative distinguished name (RDN) is for each person entry. The DN must be a unique, easily recognizable, permanent value. We recommend that you use the uid attribute to specify a unique value associated with the person. An example DN for a person entry is:

uid=jsmith,o=novell

The directory also contains entries that represent many things other than people (for example, groups, devices, servers, network information, or other data). We recommend that you use the cn attribute in the RDN. Therefore, if you are naming a group entry, name it as follows:

cn=administrators,ou=groups,o=novell

The directory also contains branch points or containers. You need to decide what attributes to use to identify the branch points. Because attribute names have a meaning, use the attribute name with the type of entry it is representing. The Netscape recommended attributes are defined as follows:

Table 6-1 Netscape Recommended Attributes

Attribute Name

Definition

c

Country name

o

Organization name

ou

Organizational Unit

st

State

l

Locality

dc

Domain Component

A Subscriber Placement policy specifies the naming attribute for a classname. The following example is for the User classname. The <placement> statement specifies that uid is used as the naming attribute.

<placement-rule> 
   <match-class class-name="User"/> 
   <match-path prefix="\Novell-Tree\Novell\Users"/> 
   <placement>uid=<copy-name/>,ou=People,o=Netscape</
 placement> 
</placement-rule>

The following Subscriber Placement specifies that ou is used as the naming attribute for class-name Organizational Unit.

<placement-rule> 
   <match-class class-name="Organizational Unit"/> 
   <match-path prefix="\Novell-Tree\Novell\Users"/> 
   <placement>ou=<copy-name/>,ou=People,o=Netscape</placement> 
</placement-rule>

To configure a placement policy:

  1. In iManager, click Identity Manager > Identity Manager Overview.

  2. Locate the driver in its driver set.

  3. Open the Identity Manager Driver Overview page by clicking the driver.

  4. Click the Publisher or Subscriber Placement policy icon, then make the appropriate changes.

  5. Click Close.

6.3.2 Working with eDirectory Groups and Netscape

Because group attributes are different in an Identity Vault and Netscape Directory Server, some special processing is required by the driver. On the Publisher channel, special processing takes place when the driver sees the attribute uniquemember in the classname groupofuniquenames.

The driver also sets the Equivalent To Me attribute in the eDirectory Group. The Equivalent To Me attribute must be included in the Publisher filter. The Equivalent To Me attribute need not be in the Schema Mapping policy because the eDirectory attribute name is used. There is no equivalent attribute name in Netscape Directory Server. No special processing is required on the Subscriber channel.